Analysis

  • max time kernel
    103s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    12-07-2024 15:16

General

  • Target

    dheater-0.4.3/data/dhparam-ffdhe-4096-openssl-325.pem

  • Size

    774B

  • MD5

    b938d72601fdf6b32ded47eeccfb9209

  • SHA1

    8dbcc8193ca2cfb9032c888f0f15b9090dc9d300

  • SHA256

    c08b423e60c81f76b67b49e29327e3d26a4efeeb9cfb014f2dd867a085cbcfaa

  • SHA512

    9b25de82b959af42b615c405b1ffabe5817e6428a9dfd4a394c1203168f92923f196b9afc898900bc7b64e977157ec8f26d58d44a2d811af6b0c7a8ddc062a93

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\dheater-0.4.3\data\dhparam-ffdhe-4096-openssl-325.pem
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3012
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\dheater-0.4.3\data\dhparam-ffdhe-4096-openssl-325.pem
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2208
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\dheater-0.4.3\data\dhparam-ffdhe-4096-openssl-325.pem"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2732

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    0c1dbcac2aee29510080ccc089386514

    SHA1

    b5a56a28876b7e2771446f2d1dc7ba8afe3755cf

    SHA256

    cc9c002e40be6550d1fa21318c08ec05e45071d22a9e924ac015f6e76c0aec8f

    SHA512

    f5b1cf97d8f4573352fa7138da9a90956025ca07109b30b819d3150334562634d0438a5e8db7566666192d8416c9ff4a1eb1c4971f5e3d076476cfbca857907b